My father opened up an email and clicked on a link in it that was to "msnbc.msn.com-report3.us/finance/" and now it is forwarding to every single contact on his list, I'm at a loss right now. Please help? Sorry if this is not an appropriate place to ask this.

He's got a malware infection. Take off and nuke the PC from orbit. Only way to be sure.

Seriously, you could try downloading some AV and detecting and cleaning it, but depending on what got installed, it could leave hooks in there for good. So you should clean it off immediately just to keep it from spreading itself more, then consider reinstalling the OS, installing some decent AV, then restoring any old documents from backup. Even Windows Defender is better than nothing.

So this is not something lingering in his email that could just be triggered by opening the email and it doesn't have access to his email account? He opened it on his work computer, so he's just gonna give it to the IT.

It's likely the infection point was a drive-by download on the site he visited. Having the malware payload attached to the email itself is possible, but it's not as common, and when it is, it's usually a straight up trojan executable.

Whatever got on the machine could potentially have gotten full control though, so even if it's not necessarily the message itself that's the problem, the malware on the machine could have any amount of access to email and more, such as any passwords typed while the malware was active.

I dont know why people fall for thisI mean usual email spam is like ridiculously easy to spot... I guess if you dont know that the sender email can actually be fake you could be trickednever click links, never open attachment unless you really know what it is

but I know even those spam emails that you get from friends email account and the phrasing is so obvious and weird to me that I spot it immediately

fishing emails, I can understand if you're not familiar with them, but its 2012...

Yeah, the same thing had happened to the person who sent it to him. The address *looked* legit to him, and it brought him to an actual article, and he got the email from someone he was waiting to hear from.

Vigilance is all well and good, but I myself am probably a late evening and a drink away from falling for a phish someday, at least the first click, which may be all it needs. I heard the same thing in a keynote address from a security researcher, and I don't think you and I are necessarily any better than him. It turns out that moral disapprobation of the target's gullibility has, over the ages, never really been a very effective security policy.

Do not open that sort of thing. Microsoft doesn't just send out mails like that ^^

Have you ever had your account frozen by PayPal? The mails they send out look exactly like phishing, down to phrases like "verify your account". There's a reason phishers have had so much success with their phrasing.

One of my banks never sends links in their emails. Another one "helpfully" includes things like "click here to connect to online banking". Sigh...

Do not open that sort of thing. Microsoft doesn't just send out mails like that ^^

Have you ever had your account frozen by PayPal? The mails they send out look exactly like phishing, down to phrases like "verify your account". There's a reason phishers have had so much success with their phrasing.

One of my banks never sends links in their emails. Another one "helpfully" includes things like "click here to connect to online banking". Sigh...

I do anti-spam for a living, and for years it was with an emphasis on phishing, so I'm perfectly aware of how to be safe. Still it remains that a lot of financial institutions don't seem to know or care about best practices like not including direct links to online banking in their emails. Or the case of PayPal, who actually does scrupulously use DKIM, yet doesn't pay too much attention to how suspicious the actual content often is.

yeah if its like a short url/acronym you could miss it like "paypal.com" but its referring to "paypal.ytmnd.com"

Also, I guess you guys also get the spam mails which are like "Hey I'm from China, and I have $47385624856, I need you to move it for me" or whateverthose never have links - what do they hope to accomplish ? What IF I reply ? :D

Also, I guess you guys also get the spam mails which are like "Hey I'm from China, and I have $47385624856, I need you to move it for me" or whateverthose never have links - what do they hope to accomplish ? What IF I reply ?

You'll get a reply from a human who will elaborate the scam further. I read an interesting interview with a Nigerian scammer, who revealed a really interesting fact: a lot of them speak much better English than the terrible grammar and clumsy pitch in the emails would indicate, but since they actually get so many responses anyway they deliberately phrase the pitch in such a way that only a fool would fall for them. In which case, the responses they get back are from those fools who are inherently easier to scam. So despite what I said earlier about phishing, you do actually have to be an idiot (or otherwise deluded) to fall for 419 scams, because they're actually screening for exactly that.

Incidentally, if you want to see the hilarity that results from people who do reply to the scams in order to screw with the scammers, check out 419eater.com

java-gaming.org is not responsible for the content posted by its members, including references to external websites,
and other references that may or may not have a relation with our primarily
gaming and game production oriented community.
inquiries and complaints can be sent via email to the info‑account of the
company managing the website of java‑gaming.org